Last Modified: Sat, 24 Aug 2013 00:52:08 +0000 ; Created: Sat, 24 Aug 2013 00:52:08 +0000
|I noticed after a firmware upgrade on my AT&T Uverse service that my 2wire modem shows the clear-text password for the wireless network key on the anonymous status page that anyone can navigate to on your local network. It also does so over a non-secure HTTP connection.
An interesting choice to make it easy to remind a user or tell a technician what the wireless password is. I suppose if someone is connected via a wired connection to your local network already then knowing the wireless password may not be too big of a deal unless you were expecting to keep some computers on the wired network without that knowledge (say a shared computer lab where the wireless is only meant for special users and not those who used the wired lab computers).
If someone has physical access they can just read the default password on the modem box and reset it remotely (local network) anyway (see 2WIRE router and strange default password choice). I could see cases where physical access wasn't possible and wired users were allowed throughout a building, but the use of wireless wasn't suppose to be restricted.